[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677
rjw
rjw at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 08:51:24 UTC 2009
The following commit has been merged in the debian/unstable branch:
commit b92208b37fdea7d2a7afa60d801108aa97204189
Author: rjw <rjw at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Mon Jul 19 22:32:48 2004 +0000
Fixed 3733349. Prevent Java applet callbacks into JavaScript after applet
has been destroyed.
Reviewed by John.
* bindings/jni/jni_jsobject.cpp:
(JSObject::invoke):
(JSObject::JSObject):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@7055 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index 13ecd6b..59766c3 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,14 @@
+2004-07-19 Richard Williamson <rjw at apple.com>
+
+ Fixed 3733349. Prevent Java applet callbacks into JavaScript after applet
+ has been destroyed.
+
+ Reviewed by John.
+
+ * bindings/jni/jni_jsobject.cpp:
+ (JSObject::invoke):
+ (JSObject::JSObject):
+
2004-07-16 John Sullivan <sullivan at apple.com>
Reviewed by Maciej.
diff --git a/JavaScriptCore/bindings/jni/jni_jsobject.cpp b/JavaScriptCore/bindings/jni/jni_jsobject.cpp
index 138bc81..eeadc35 100644
--- a/JavaScriptCore/bindings/jni/jni_jsobject.cpp
+++ b/JavaScriptCore/bindings/jni/jni_jsobject.cpp
@@ -59,6 +59,8 @@ jvalue JSObject::invoke (JSObjectCallContext *context)
{
jvalue result;
+ bzero ((void *)&result, sizeof(jvalue));
+
if (!isJavaScriptThread()) {
// Send the call context to the thread that is allowed to
// call JavaScript.
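Review bot: `bzero` on the added line is a legacy BSD call; the standard equivalent `memset(&result, 0, sizeof result);` does the same job without the `(void *)` cast. Moving the zeroing to the top of the function means every early return now hands back a fully zeroed `jvalue`, which appears to be the intent, and a one-line comment would make that explicit: `// Zero up front so every early-return path yields a well-defined jvalue.` invoke's body continues past the end of this hunk.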
@@ -68,71 +70,76 @@ jvalue JSObject::invoke (JSObjectCallContext *context)
else {
jlong nativeHandle = context->nativeHandle;
if (nativeHandle == UndefinedHandle || nativeHandle == 0) {
- bzero ((void *)&result, sizeof(jvalue));
return result;
}
- switch (context->type){
- case CreateNative: {
- result.j = JSObject::createNative(nativeHandle);
- break;
- }
-
- case Call: {
- result.l = JSObject(nativeHandle).call(context->string, context->args);
- break;
- }
-
- case Eval: {
- result.l = JSObject(nativeHandle).eval(context->string);
- break;
- }
-
- case GetMember: {
- result.l = JSObject(nativeHandle).getMember(context->string);
- break;
- }
-
- case SetMember: {
- JSObject(nativeHandle).setMember(context->string, context->value);
- break;
+ if (context->type == CreateNative) {
+ result.j = JSObject::createNative(nativeHandle);
+ }
+ else {
+ KJS::ObjectImp *imp = jlong_to_impptr(nativeHandle);
+ if (!rootForImp(imp)) {
+ fprintf (stderr, "%s:%d: Attempt to access JavaScript from destroyed applet, type %d.\n", __FILE__, __LINE__, context->type);
+ return result;
}
+
+ switch (context->type){
+ case Call: {
+ result.l = JSObject(nativeHandle).call(context->string, context->args);
+ break;
+ }
+
+ case Eval: {
+ result.l = JSObject(nativeHandle).eval(context->string);
+ break;
+ }
- case RemoveMember: {
- JSObject(nativeHandle).removeMember(context->string);
- break;
- }
-
- case GetSlot: {
- result.l = JSObject(nativeHandle).getSlot(context->index);
- break;
- }
+ case GetMember: {
+ result.l = JSObject(nativeHandle).getMember(context->string);
+ break;
+ }
+
+ case SetMember: {
+ JSObject(nativeHandle).setMember(context->string, context->value);
+ break;
+ }
+
+ case RemoveMember: {
+ JSObject(nativeHandle).removeMember(context->string);
+ break;
+ }
- case SetSlot: {
- JSObject(nativeHandle).setSlot(context->index, context->value);
- break;
- }
-
- case ToString: {
- result.l = (jobject) JSObject(nativeHandle).toString();
- break;
- }
-
- case Finalize: {
- ObjectImp *imp = jlong_to_impptr(nativeHandle);
- if (findReferenceDictionary(imp) == 0) {
- // We may have received a finalize method call from the VM
- // AFTER removing our last reference to the Java instance.
- JS_LOG ("finalize called on instance we have already removed.\n");
+ case GetSlot: {
+ result.l = JSObject(nativeHandle).getSlot(context->index);
+ break;
}
- else {
- JSObject(nativeHandle).finalize();
+
+ case SetSlot: {
+ JSObject(nativeHandle).setSlot(context->index, context->value);
+ break;
}
- break;
- }
- default: {
- fprintf (stderr, "%s: invalid JavaScript call\n", __PRETTY_FUNCTION__);
+ case ToString: {
+ result.l = (jobject) JSObject(nativeHandle).toString();
+ break;
+ }
+
+ case Finalize: {
+ ObjectImp *imp = jlong_to_impptr(nativeHandle);
+ if (findReferenceDictionary(imp) == 0) {
+ // We may have received a finalize method call from the VM
+ // AFTER removing our last reference to the Java instance.
+ JS_LOG ("finalize called on instance we have already removed.\n");
+ }
+ else {
+ JSObject(nativeHandle).finalize();
+ }
+ break;
+ }
+
+ default: {
+ fprintf (stderr, "%s: invalid JavaScript call\n", __PRETTY_FUNCTION__);
+ }
}
}
context->result = result;
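Review bot: The new `rootForImp(imp)` check changes what happens to a `Finalize` request for an object whose root is already gone: it now returns early with the "destroyed applet" message on stderr before the `findReferenceDictionary(imp) == 0` branch in `case Finalize:` can run, so that quieter JS_LOG path may become unreachable if rootForImp and findReferenceDictionary fail together, which I cannot confirm from the hunk alone. If a VM finalize after teardown is expected and benign, consider letting `Finalize` bypass the check or downgrading its message from stderr to JS_LOG. Separately, `case Finalize:` still declares `ObjectImp *imp = jlong_to_impptr(nativeHandle);`, which shadows the `KJS::ObjectImp *imp` introduced a few lines above; dropping that declaration and reusing the outer `imp` removes the shadow. A comment on the new check would also help, since the `JSObject` constructor only `assert`s the same condition and that assert is compiled out in release builds: `// Keep this check even though JSObject() asserts the same: the assert is gone in release builds.` invoke's body continues outside the hunk.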
@@ -152,7 +159,7 @@ JSObject::JSObject(jlong nativeJSObject)
_root = rootForImp(_imp);
- // If we can't find the root for the object something is terrible wrong.
+ // If we can't find the root for the object something is terribly wrong.
assert (_root != 0);
}